Privacy

New California Privacy Law Will Require Chrome/Edge/Safari to Offer Easy Opt-Outs for Data Sharing (9to5mac.com) 45

"California Governor Gavin Newsom signed the 'California Opt Me Out Act', which will require web browsers to include an easy, universal way for users to opt out of data collection and sales," reports the blog 9to5Mac: [The law] requires browsers to provide a clear, one-click mechanism for Californians to opt out of data sharing across websites. The bill reads: "A business shall not develop or maintain a browser that does not include functionality configurable by a consumer that enables the browser to send an opt-out preference signal to businesses with which the consumer interacts through the browser...." Californians will need patience, though, as the law doesn't take effect until January 1, 2027.
Americans in some states — including California, Texas, Colorado, New Jersey and Maryland — "have the option to make those opt-out demands automatic whenever they surf the web," reports the Washington Post. "But they can only do so if they use small browsers that voluntarily offer that option, such as DuckDuckGo, Firefox and Brave. What's new in California's law is that all browsers must give people the same option." That means soon in California, just using Google's Chrome, Apple's Safari and Microsoft's Edge can command companies not to sell your data or pass it along for ad targeting... It's an imperfect but potent and simple way to flex privacy rights — and becomes even more powerful with another simple privacy measure in California. Starting on January 1, California residents can fill out an online form once to completely and repeatedly wipe their data from hundreds of data brokers that package your personal information for sale.
But their article also suggests other ways readers can "try a one-click privacy option now."
  • "[S]ome national companies respect one-click privacy opt-out requests from everyone... This happens automatically if you use DuckDuckGo and Brave. You need to change a setting with Firefox."
  • "Download Privacy Badger: The software from the Electronic Frontier Foundation, a consumer privacy advocacy group, works in the background to order websites not to sell information they're collecting about you."
  • "Use Permission Slip from Consumer Reports. Give the app basic information, and it will help you do much of the legwork to tell companies not to sell your information or to delete it, if you have the right to do so."

Firefox

Firefox Feature Gets Special Mention In TIME's Best Inventions of 2025 41

Mozilla Firefox's new "Shake to Summarize" feature earned a spot on TIME's Best Inventions of 2025, allowing users to shake their phone to instantly summarize long web pages. Anthony Enzor-DeMeo, general manager of Firefox, calls it a "testament to the incredible work of our UX, design, product, and engineering teams who brought this innovation to life." Neowin reports: Shake to summarize works exactly how you suspect: you physically shake your phone to generate a summary of a long article. This can be quite handy if you are trying to get the gist of a long read without scrolling through the whole thing. Other ways to activate the feature include tapping the thunderbolt icon in the address bar and selecting "Summarize Page" from the three-dot menu.

For now, the feature is limited to iOS users in the US with their system set to English, but Mozilla promises an Android version is in the works. If you have an iPhone 15 Pro or newer running iOS 26, Apple Intelligence generates the summaries on the device. For older iPhones or those on earlier iOS versions, the page text is sent to Mozilla's servers for processing.
You can view the full list of TIME's "Special Mentions" here.
Firefox

Firefox Will Offer Visual Searching on Images With AI-Powered Google Lens (webpronews.com) 45

"We've decided to support image-based search," announced the product manager for Firefox Search. Powered by the AI-driven Google Lens search technology, they promise the new feature offers "a frictionless, fast, and a curiosity-sparking way to (as Google puts it) 'search what you see'." With just a right-click on any image, you'll be able to:

- Find similar products, places, or objects
- Copy, translate, or search text from images
- Get inspiration for learning, travel, or shopping

Look for the new "Search Image with Google Lens" option in your right-click menu (tagged with a NEW badge at first). This is a desktop-only feature, and it will start gradually rolling out worldwide. Note: Google must be set as your default search engine for this feature to appear.

We'll be listening closely to your feedback as we roll it out. Some of the things we're wondering about:

Does the placement in the context menu align with your expectations?
Would you prefer the option to choose your visual search provider?
Where else would you like entry points to visual search (e.g. when you open a new tab, in the address bar, on mobile devices, etc.)

We can't wait to hear your thoughts as the rollout begins!

Some thoughts from WebProNews: Mozilla emphasizes that this is an opt-in feature, giving users control over activation, which aligns with the company's longstanding commitment to privacy and user agency.

Yet, for industry observers, this partnership with Google raises intriguing questions about competitive dynamics in the browser space, where Firefox has historically positioned itself as an independent alternative to Chrome... This move comes at a time when browsers are increasingly becoming platforms for AI-driven enhancements, as evidenced by recent updates in competitors like Microsoft's Edge, which integrates Copilot AI. Mozilla's decision to leverage Google Lens rather than developing an in-house solution could be seen as a pragmatic step to accelerate feature parity, especially given Firefox's smaller market share. Insiders note that by tapping into established technologies, Mozilla can focus resources on core strengths like privacy protections, potentially attracting users disillusioned with data-heavy ecosystems... While mobile users might feel left out, the phased rollout over the next few weeks allows for feedback loops through community channels, a hallmark of Mozilla's open-source ethos.

Data from similar integrations in other browsers suggests visual search can boost engagement by 15-20%, per industry reports, though Mozilla has not disclosed specific metrics yet... Looking ahead, Mozilla's strategy appears geared toward incremental innovations that bolster user retention without alienating its privacy-focused base. If successful, this could help Firefox claw back some ground against Chrome's dominance, estimated at over 60% market share. For now, the feature's gradual deployment invites ongoing dialogue, underscoring Mozilla's community-driven model in an industry often criticized for top-down decisions.

Firefox

Firefox Finally Introducing MKV Playback Support (phoronix.com) 48

An anonymous reader shares a report: Within the nightly builds of the Firefox web browser is finally the ability to support playback of Matroska "MKV" content. Enabled just within the Firefox Nightly builds for now or opting in within the media.mkv.enabled preference is the ability to support MKV playback.

Initially just AVC/H.264 and AAC within MKV containers are supported but other codec support will be expanded over time. For the past eight years there has been this feature request for supporting Matroska/MKV playback support.

Firefox

New In Firefox Nightly Builds: Copilot Chatbot, New Tab Widgets, JPEG-XL Support (omgubuntu.co.uk) 45

The blog OMG Ubuntu notes that Microsoft Copilot chatbot support has been added in the latest Firefox Nightly builds. "Firefox's sidebar already offers access to popular chatbots, including OpenAI's ChatGPT, Anthropic's Claude, Le Chat's Mistral and Google's Gemini. It previously offered HuggingChat too." As the testing bed for features Mozilla wants to add to stable builds (though not all make it — eh, rounded bottom window corners?), this is something you can expect to find in a future stable update... Copilot in Firefox offers the same features as other chatbots: text prompts, upload files or images, generate images, support for entering voice prompts (for those who fancy their voice patterns being analysed and trained on). And like those other chatbots, there are usage limits, privacy policies, and (for some) account creation needed. In testing, Copilot would only generate half a summary for a webpage, telling me it was too long to produce without me signing in/up for an account.

On a related note, Mozilla has updated stable builds to let third-party chatbots summarise web pages when browsing (in-app callout alerts users to the 'new' feature). Users yet to enable chatbots are subtly nudged to do so each time they right-click on web page. [Between "Take Screenshot" and "View Page Source" there's a menu option for "Ask an AI Chatbot."] Despite making noise about its own (sluggish, but getting faster) on-device AI features that are privacy-orientated, Mozilla is bullish on the need for external chatbots.

The article suggests Firefox wants to keep up with Edge and Chrome (which can "infuse first-party AI features directly.") But it adds that Firefox's nightly build is also testing some non-AI features, like new task and timer widgets on Firefox's New Tab page. And "In Firefox Labs, there are is an option to enable JPEG XL support, a super-optimised version of JPEG that is gaining traction (despite Google's intransigence).

Other Firefox news:
  • Google "can keep paying companies like Mozilla to make Google the default search engine, as long as these deals aren't exclusive anymore," reports the blog It's FOSS News. (The judge wrote that "Cutting off payments from Google almost certainly will impose substantial — in some cases, crippling — downstream harms to distribution partners..." according to CNBC — especially since the non-profit Mozilla Foundation gets most of its annual revenue from its Google's search deal.)
  • Don't forget you can now search your tabs, bookmarks and browsing history right from the address bar with keywords like @bookmarks, @tabs, and @history. (And @actions pulls up a list of actions like "Open private window" or "Restart Firefox").

Firefox

Firefox Ending 32-bit Linux Support Next Year 40

Mozilla announced today that they will end 32-bit Linux support for Firefox in 2026, with version 144 being the last release and ESR 140 as the fallback option. Phoronix reports: Firefox has continued providing 32-bit Linux binaries even with most other web browsers and operating systems going all-in on x86_64 support. But given that 32-bit Linux support is waning by distributions and the vast majority of distributions aren't even shipping i686 install images anymore, they will be removing 32-bit Linux builds in 2026.
Chrome

Chrome Increases Its Overwhelming Market Share, Now Over 70% (neowin.net) 81

Chrome has extended its dominance in the browser wars, surpassing 70% market share on desktops while Edge, Safari, Firefox, and Opera trail far behind. Neowin reports: According to [Statcounter], in August 2025, Chrome kept on increasing its overwhelming market share, which is now above the 70% mark (70.25%, to be precise) in the desktop browser market. The gap between Chrome and its closest competitor, Microsoft Edge, is immense, with Edge holding just 11.8% (+0.01 points over the previous month). Apple's Safari is third with 6.34% (+1.04 points); Firefox has 4.94% (-0.36 points); and Opera is fifth with a modest 2.06% market share (-0.13 points).

Things look similar on the mobile side of the market, with Google Chrome having 69.15% (+1.92 points) and Safari being second with 20.32% (-2.2 points). Samsung Internet is third with 3.33% (-0.17 points). As for Microsoft Edge, its mobile share is only 0.59% (+0.06 points).
The findings can be found here.
Firefox

Firefox 142's Link Previews Have a New Option: AI-Generated Summaries (theregister.com) 73

"Good news, everyone! The new version of Mozilla's browser now makes even more extensive use of AI," writes the Register, "providing summaries of linked content and offering developers the ability to add LLM support to extensions." Firefox 142 brings some visible shininess, but due to the combination of regional restrictions and Mozilla's progressive rollout system, not everybody can see all the features just yet... Not geofenced but subject to phased rollout are link previews, for various native-English-speaking regions. Hover over, long-press, or right-click a link and pick Preview Link, and a summary should appear. Mozilla's summary says: "Previews can optionally include AI-generated key points, which are processed on your device to protect your privacy."
"Link Previews is gradually rolling out to ensure performance and quality," Firefox says in their release notes, "and is now available in en-US, en-CA, en-GB, en-AU for users with more than 3 GB of available RAM." (The notes also add a welcome for "the developers who contributed their first code change to Firefox in this release, 20 of whom were brand new volunteers!")

The Register notes that Firefox 142 also gives developers the ability to add LLM support to extensions using wllama, a Wasm binding interfacing with llama.cpp, which lets you run Meta's Llama LLM and other models, locally or in the cloud.
Firefox

Mozilla Under Fire For Firefox AI 'Bloat' That Blows Up CPU and Drains Battery (neowin.net) 107

darwinmac writes: Firefox 141 rolled out a shiny new AI-powered smart tab grouping feature (it tries to auto-organize your tabs using a local model), but it turns out the local "Inference" process that powers it is acting like an energy-sucking monster. Users are reporting massive CPU spikes and battery drain and calling the feature "garbage" that's ruining their browsing experience.
Crime

$1M Stolen in 'Industrial-Scale Crypto Theft' Using AI-Generated Code 38

"What happens when cybercriminals stop thinking small and start thinking like a Fortune 500 company?" asks a blog post from Koi Security. "You get GreedyBear, the attack group that just redefined industrial-scale crypto theft."

"150 weaponized Firefox extensions [impersonating popular cryptocurrency wallets like MetaMask and TronLink]. Nearly 500 malicious executables. Dozens of phishing websites. One coordinated attack infrastructure. According to user reports, over $1 million stolen." They upload 5-7 innocuous-looking extensions like link sanitizers, YouTube downloaders, and other common utilities with no actual functionality... They post dozens of fake positive reviews for these generic extensions to build credibility. After establishing trust, they "hollow out" the extensions — changing names, icons, and injecting malicious code while keeping the positive review history. This approach allows GreedyBear to bypass marketplace security by appearing legitimate during the initial review process, then weaponizing established extensions that already have user trust and positive ratings. The weaponized extensions captures wallet credentials directly from user input fields within the extension's own popup interface, and exfiltrate them to a remote server controlled by the group...

Alongside malware and extensions, the threat group has also launched a network of scam websites posing as crypto-related products and services. These aren't typical phishing pages mimicking login portals — instead, they appear as slick, fake product landing pages advertising digital wallets, hardware devices, or wallet repair services... While these sites vary in design, their purpose appears to be the same: to deceive users into entering personal information, wallet credentials, or payment details — possibly resulting in credential theft, credit card fraud, or both. Some of these domains are active and fully functional, while others may be staged for future activation or targeted scams...

A striking aspect of the campaign is its infrastructure consolidation: Almost all domains — across extensions, EXE payloads, and phishing sites — resolve to a single IP address: 185.208.156.66 — this server acts as a central hub for command-and-control, credential collection, ransomware coordination, and scam websites, allowing the attackers to streamline operations across multiple channels... Our analysis of the campaign's code shows clear signs of AI-generated artifacts. This makes it faster and easier than ever for attackers to scale operations, diversify payloads, and evade detection.

This isn't a passing trend — it's the new normal.

The researchers believe the group "is likely testing or preparing parallel operations in other marketplaces."
KDE

KDE Calls Microsoft's Copilot Key 'Dumb', Will Let You Remap It Soon (neowin.net) 46

Plasma 6.4.5 is coming September 9th, reports Neowin. But they also report that the KDE team is already focusing on other upcoming release: Starting with KDE Frameworks, KDE's collection of foundational libraries, version 6.18 promises to let you do something with that "dumb" Microsoft Copilot key found on many new laptops. The developers will soon allow you to set up keyboard shortcuts using this new key, and the team plans to let you remap it to another key in the future. If you're curious, one user on KDE's bug tracker noted that on GNOME, the key combination shows up as "Meta+Shift+Touchpad Disable" and is fully remappable...

When you try to install a Flatpak from a website like Flathub in Plasma 6.5 [coming in October], Discover now has proper support for flatpak+https:// URLs, so it opens automatically. 6.5 is also bringing a much stricter window activation policy on Wayland to stop applications from rudely stealing your focus. And now, when you mute your microphone with a shortcut, the "Mute Microphone" button will mute all input sources, not just the active one.

Since Firefox does not block the system from sleeping during a download, the Plasma Browser Integration extension for Firefox has gotten an update to handle that job itself.

Firefox

Mozilla Ships WebGPU in Firefox 141, Catching Up To Chrome's 2023 Launch (wordpress.com) 20

Mozilla will ship WebGPU support in Firefox 141 when the browser launches July 22, bringing graphics processing capabilities that Chrome users have had since 2023. The initial release supports Windows only, with Mac, Linux, and Android planned for the coming months.

WebGPU provides web content direct access to graphics processors for high-performance computation and rendering in games and complex 3D applications. Chrome gained WebGPU support with version 113 in 2023, while Safari 26 is expected to add the feature this fall. Firefox's implementation uses the WGPU Rust crate, which translates web requests into native commands for Direct3D 12, Metal, or Vulkan.
Firefox

'Firefox is Fine. The People Running It are Not' (theregister.com) 150

"Firefox is dead to me," wrote Steven J. Vaughan-Nichols last month for The Register, complaining about everything from layoffs at Mozilla to Firefox's discontinuation of Pocket and Fakespot, its small market share, and some user complaints that the browser might be becoming slower. But a new rebuttal (also published by The Register) argues instead that Mozilla just has "a management layer that doesn't appear to understand what works for its product nor which parts of it matter most to users..."

"Steven's core point is correct. Firefox is in a bit of a mess — but, seriously, not such a bad mess. You're still better off with it — or one of its forks, because this is FOSS — than pretty much any of the alternatives." Like many things, unfortunately, much of computing is run on feelings, tradition, and group loyalties, when it should use facts, evidence, and hard numbers. Don't bother saying Firefox is getting slower. It's not. It's faster than it has been in years. Phoronix, the go-to site for benchmarks on FOSS stuff, just benchmarked 21 versions, and from late 2023 to now, Firefox has steadily got faster and faster...

Ever since Firefox 1.0 in 2004, Firefox has never had to compete. It's been attached like a mosquito to an artery to the Google cash firehose... Mozilla's leadership is directionless and flailing because it's never had to do, or be, anything else. It's never needed to know how to make a profit, because it never had to make a profit. It's no wonder it has no real direction or vision or clue: it never needed them. It's role-playing being a business. Like we said, don't blame the app. You're still better off with Firefox or a fork such as Waterfox. Chrome even snoops on you when in incognito mode...

One observer has been spectating and commentating on Mozilla since before it was a foundation — one of its original co-developers, Jamie Zawinksi... Zawinski has repeatedly said: "Now hear me out, but What If...? browser development was in the hands of some kind of nonprofit organization?"

"In my humble but correct opinion, Mozilla should be doing two things and two things only:

— Building THE reference implementation web browser, and
— Being a jugular-snapping attack dog on standards committees.
— There is no 3."



Perhaps this is the only viable resolution. Mozilla, for all its many failings, has invented a lot of amazing tech, from Rust to Servo to the leading budget phone OS. It shouldn't be trying to capitalize on this stuff. Maybe encourage it to have semi-independent spinoffs, such as Thunderbird, and as KaiOS ought to be, and as Rust could have been. But Zawinski has the only clear vision and solution we've seen yet. Perhaps he's right, and Mozilla should be a nonprofit, working to fund the one independent, non-vendor-driven, standards-compliant browser engine.

The Internet

Browser Extensions Turn Nearly 1 Million Browsers Into Website-Scraping Bots (arstechnica.com) 28

Over 240 browser extensions with nearly a million total installs have been covertly turning users' browsers into web-scraping bots. "The extensions serve a wide range of purposes, including managing bookmarks and clipboards, boosting speaker volumes, and generating random numbers," reports Ars Technica. "The common thread among all of them: They incorporate MellowTel-js, an open source JavaScript library that allows developers to monetize their extensions." Ars Technica reports: Some of the data swept up in the collection free-for-all included surveillance videos hosted on Nest, tax returns, billing invoices, business documents, and presentation slides posted to, or hosted on, Microsoft OneDrive and Intuit.com, vehicle identification numbers of recently bought automobiles along with the names and addresses of the buyers, patient names and the doctors they saw, travel itineraries hosted on Priceline, Booking.com, and airline websites, Facebook Messenger attachments and Facebook photos, even when the photos were set to be private. The dragnet also collected proprietary information belonging to Tesla, Blue Origin, Amgen, Merck, Pfizer, Roche, and dozens of other companies.

Tuckner said in an email Wednesday that the most recent status of the affected extensions is:

- Of 45 known Chrome extensions, 12 are now inactive. Some of the extensions were removed for malware explicitly. Others have removed the library.
- Of 129 Edge extensions incorporating the library, eight are now inactive.
- Of 71 affected Firefox extensions, two are now inactive.

Some of the inactive extensions were removed for malware explicitly. Others have removed the library in more recent updates. A complete list of extensions found by Tuckner is here.

Firefox

Firefox 140 Arrives With ESR Status 29

Longtime Slashdot reader williamyf writes: Firefox 140 just landed. Some user-facing features include:

Vertical Tabs: You can now keep more -- or fewer -- pinned tabs in view for quicker access to important windows. Just drag the divider to resize your pinned tabs section.
Unload Tabs: You can now unload tabs by right-clicking on a tab (or multiple selected tabs) and selecting "Unload Tab." This can speed up performance by reducing Firefox's memory and CPU usage.

But the most important feature? This release is an Extended Support Release (ESR). Why are ESRs so important? ESR is the Firefox version that ships as the default with many Linux distributions. Some downstream projects (like Waterfox) depend on the ESR version. Many enterprise software systems are tested only against ESR. When features are dropped -- like support for older operating systems or Flash -- ESR keeps that functionality around for longer.

And speaking of old operating systems: If you are using Windows 7, 8.1, or macOS 10.12~10.15, note that FireFox ESR 115 (the last version supporting these OSs) will continue to receive patches until at least September 2025.

So one can see why ESR is very important for some people.
The release notes are available here.
Firefox

'Firefox Is Dead To Me' (theregister.com) 240

Veteran columnist Steven J. Vaughan-Nichols declared that Firefox was "dead" to him in a scathing opinion piece Tuesday that cites Mozilla's strategic missteps and the browser's declining technical performance as evidence of terminal decline. Vaughan-Nichols argues that Mozilla has fundamentally betrayed user trust by removing a longstanding promise never to sell personal data from its privacy policy in February, replacing it with a weaker pledge to "protect your personal information."

The veteran technology writer also criticized Mozilla's decision to discontinue Pocket, a popular article-saving service, and Fakespot, which identified fake online reviews, while pursuing what he called a misguided AI strategy. He cited user reports of Firefox running up to 30% slower than Chrome, consuming excessive memory, and failing to properly load major websites. Mozilla has also become financially more vulnerable, he argued, noting CFO Eric Muhlheim's admission that the company depends on Google for 90% of its revenue. According to federal data he cited, Firefox holds just 1.9% of the browser market, leading him to conclude the browser is "done."
The Internet

An Experimental New Dating Site Matches Singles Based on Their Browser Histories (wired.com) 72

A dating site launched last week by Belgian artist Dries Depoorter matches potential partners based on their internet browsing histories rather than curated profiles or photos. Browser Dating requires users to download a Chrome or Firefox extension that exports and uploads their recent search data, creating matches based on shared online behaviors and interests rather than traditional dating app metrics.

Less than 1,000 users have signed up since the platform's launch, paying a one-time fee of $10.3 for unlimited matches or using a free tier limited to five connections. Depoorter, known for digital art projects exploring surveillance and technology, says the concept emerged from a 2016 workshop where participants shared a year of search history data. The platform processes browsing data locally using Google's Firebase tools.
Advertising

Washington Post's Privacy Tip: Stop Using Chrome, Delete Meta's Apps (and Yandex) (msn.com) 70

Meta's Facebook and Instagram apps "were siphoning people's data through a digital back door for months," writes a Washington Post tech columnist, citing researchers who found no privacy setting could've stopped what Meta and Yandex were doing, since those two companies "circumvented privacy and security protections that Google set up for Android devices.

"But their tactics underscored some privacy vulnerabilities in web browsers or apps. These steps can reduce your risks." Stop using the Chrome browser. Mozilla's Firefox, the Brave browser and DuckDuckGo's browser block many common methods of tracking you from site to site. Chrome, the most popular web browser, does not... For iPhone and Mac folks, Safari also has strong privacy protections. It's not perfect, though. No browser protections are foolproof. The researchers said Firefox on Android devices was partly susceptible to the data harvesting tactics they identified, in addition to Chrome. (DuckDuckGo and Brave largely did block the tactics, the researchers said....)

Delete Meta and Yandex apps on your phone, if you have them. The tactics described by the European researchers showed that Meta and Yandex are unworthy of your trust. (Yandex is not popular in the United States.) It might be wise to delete their apps, which give the companies more latitude to collect information that websites generally cannot easily obtain, including your approximate location, your phone's battery level and what other devices, like an Xbox, are connected to your home WiFi.

Know, too, that even if you don't have Meta apps on your phone, and even if you don't use Facebook or Instagram at all, Meta might still harvest information on your activity across the web.

Privacy

Meta and Yandex Are De-Anonymizing Android Users' Web Browsing Identifiers (github.io) 77

"It appears as though Meta (aka: Facebook's parent company) and Yandex have found a way to sidestep the Android Sandbox," writes Slashdot reader TheWho79. Researchers disclose the novel tracking method in a report: We found that native Android apps -- including Facebook, Instagram, and several Yandex apps including Maps and Browser -- silently listen on fixed local ports for tracking purposes.

These native Android apps receive browsers' metadata, cookies and commands from the Meta Pixel and Yandex Metrica scripts embedded on thousands of web sites. These JavaScripts load on users' mobile browsers and silently connect with native apps running on the same device through localhost sockets. As native apps access programmatically device identifiers like the Android Advertising ID (AAID) or handle user identities as in the case of Meta apps, this method effectively allows these organizations to link mobile browsing sessions and web cookies to user identities, hence de-anonymizing users' visiting sites embedding their scripts.

This web-to-app ID sharing method bypasses typical privacy protections such as clearing cookies, Incognito Mode and Android's permission controls. Worse, it opens the door for potentially malicious apps eavesdropping on users' web activity.

While there are subtle differences in the way Meta and Yandex bridge web and mobile contexts and identifiers, both of them essentially misuse the unvetted access to localhost sockets. The Android OS allows any installed app with the INTERNET permission to open a listening socket on the loopback interface (127.0.0.1). Browsers running on the same device also access this interface without user consent or platform mediation. This allows JavaScript embedded on web pages to communicate with native Android apps and share identifiers and browsing habits, bridging ephemeral web identifiers to long-lived mobile app IDs using standard Web APIs.
This technique circumvents privacy protections like Incognito Mode, cookie deletion, and Android's permission model, with Meta Pixel and Yandex Metrica scripts silently communicating with apps across over 6 million websites combined.

Following public disclosure, Meta ceased using this method on June 3, 2025. Browser vendors like Chrome, Brave, Firefox, and DuckDuckGo have implemented or are developing mitigations, but a full resolution may require OS-level changes and stricter enforcement of platform policies to prevent further abuse.
Microsoft

Microsoft To Finally Stop Bugging Windows Users About Edge - But Only in Europe (theverge.com) 46

An anonymous reader shares a report: Microsoft's changes in response to the Digital Markets Act already included allowing Windows machines in the regions it covers to uninstall Edge and remove Bing results from Windows search, but now the list is growing in some meaningful ways. New features announced Monday for Microsoft Windows users in the European Economic Area (the EU plus Iceland, Liechtenstein, and Norway) include the option to uninstall the Microsoft Store and avoid extra nags or prompts asking them to set Microsoft Edge as the default browser unless they choose to open it.

Additionally, setting a different browser, like Chrome, Firefox, Brave, or something else, will pin it to the taskbar unless the user chooses not to. While setting a different browser default already attaches it to a few link and file types like https and .html, now users in the EEA will see it apply to more types like "read," ftp, and .svg. The default browser changes are live for some users in the beta channel and are set to roll out widely on Windows 10 and Windows 11 in July.

Slashdot Top Deals